---
title: Audit logs
description: Learn how to track and analyze your account's activities by using the audit logs.
---

import { ContentSpotlight } from '~/ui/components/ContentSpotlight';

> **info** Audit logs are available for [Enterprise plan](https://expo.dev/pricing) customers.

Audit logs record actions made with Expo Application Services (EAS) by accounts. Recorded data includes information about the affected entities, the type of modification made to them, who performed the action, and when the activity occurred.

## Key points

- Audit logs can only be created and never modified or deleted, they serve as a source of truth to help monitor events and debug issues occurring within accounts.
- **Audit logs are available to Enterprise plan customers**. When subscribed, some of the logs used internally by Expo are immediately available, while other types of logs are starting to be collected after the subscription is activated.
- Audit logs are stored for 1.5 years. If an account is deleted, its audit logs will be deleted after 90 days.
- To access them, go to **Account settings**/**Organization settings** > [**Audit logs**](https://expo.dev/accounts/[account]/settings/audit-logs).

<ContentSpotlight
  alt="Screenshot showing the audit logs page for an account."
  src="/static/images/accounts/audit-logs.png"
/>

## Use cases

### Permission monitoring

Audit logs can track user invitations and permission changes within your organization. An example security event could include a compromised employee account that invites an attacker into an organization and changes their permission to [Admin](/accounts/account-types/#manage-access).

In this scenario, audit logs would record which employee account invited the attacker and modified permissions. Since audit logs are immutable, the attacker would not be able to delete this recorded history. Other organization members will be able to review the audit logs to determine which account was compromised, take action to revoke the attacker's permissions and secure the employee's account.

### Access history

An Expo organization account can include many projects where development access is controlled by distribution certificates assigned to individual teams. When devices are granted to join these teams, it is important to track when access is granted and removed for historical record keeping. While a device may not currently be included in an Apple team, it may be useful to see who previously had access to the team in the event of an internal security incident.

The Apple devices listed within the Expo team's settings will only show devices that are currently registered to an account, but with the creation of audit logs, historical modifications of Apple teams and devices can be viewed.

## Audit log entities

While we are working on adding more entities in future, the following entities are already enabled:

- Account
- Account subscription
- Android App Credentials
- Android Keystore
- App Store Connect API key
- Apple Device
- Apple Distribution Certificate
- Apple Provisioning Profile
- Apple Team
- EAS Hosting Alias
- EAS Hosting Custom Domain
- EAS Hosting Deployment
- EAS Update Branch
- EAS Update Channel
- Google Service Account key
- iOS App Credentials
- LogRocket Organization
- LogRocket Project
- Organization SSO Configuration
- Project
- User Invitation
- User Permission
- Workflow
- Workflow Revision

### Structure

Audit log entries include the following fields:

| Field       | Description                                                                                    |
| ----------- | ---------------------------------------------------------------------------------------------- |
| Actor       | The account actor that performed the particular action.                                        |
| Entity Type | The object that was modified with one of the modification types: `CREATE`, `UPDATE`, `DELETE`. |
| Action Type | The type of modification: `CREATE`, `UPDATE`, `DELETE`.                                        |
| Message     | Contains information based on the **Action**.                                                  |
| Created At  | When the particular action was performed.                                                      |

Additionally, clicking on an Audit log row, you can view the metadata relevant to that log.

<ContentSpotlight
  alt="Screenshot showing the details drawer for an audit log."
  src="/static/images/accounts/audit-logs-details.png"
/>

## Export

**Audit logs are available to Enterprise plan customers**. When subscribed, some of the logs used internally by Expo are immediately available, while other types of logs will be collected after the subscription is activated.

You can export your audit logs to review them outside of the Expo dashboard. To export audit logs:

1. In the sidebar menu, under **Account/Organization settings**, click [**Audit logs**](https://expo.dev/accounts/[account]/settings/audit-logs).
2. Click the **Export** button in the top-right corner of the audit logs page.
   <ContentSpotlight
     alt="Audit logs export button."
     src="/static/images/accounts/audit-logs-export-button.png"
   />
3. Select your desired time range. Export is available with a time range of up to 30 days.
4. The audit logs will be exported as a file for download.

The exported file will include all the fields shown on the Audit logs page except for the **Message** field.

> **Note:** Export is currently only available through the Expo website. There is no API available for programmatic export of audit logs.
